w3c / webauthn

Web Authentication: An API for accessing Public Key Credentials
https://w3c.github.io/webauthn/

Cloud Based "Phone Token" Option #496

Closed cyberphone closed 7 years ago

cyberphone commented 7 years ago

Defensive Publication

The following was not developed for WebAuthn but may be usable anyway. Similar systems using QR codes or phone numbers instead of NFC are in fairly big use in Europe, including millions of frequent users in Sweden alone. Payments are another major application, particularly in China.

Using Web NFC adds several qualities over the existing schemes:

(Figure: nfc-qr-repl)

Assumption: The Service, PC, and Phone are free from malware interfering with the devised scheme.

The security of this scheme is based on multiple factors:

The original (and possibly updated) document is available at: https://cyberphone.github.io/doc/research/nfc-based-qr-replacement.pdf

Although not evident from reading this issue, the idea is also to use a slightly modified scheme to enable local NFC-based payments using high-level Web-based protocols rather than card emulation, while still using the same "App". In such uses, Bluetooth pairing would be a nice feature since Wi-Fi or the mobile network may not always be available.

For high-level payment schemes, WebSocket may be a better solution for steps 10 and 11.

"Web NFC" in this description is a special purpose write only scheme.

nadalin commented 7 years ago

In FIDO we have looked at things like QR codes, call backs, etc. We found these interesting but not an option for the first release.

cyberphone commented 7 years ago

Apparently this use case is already dead since the PC vendors do not intend to include NFC support since there is [currently] no use case for NFC which BTW was one of the motives behind this design.